Tony Bradley, author of
Essential Computer Security, and Harlan Carvey, technical editor, have produced a book that provides history and context, as well as practical advice for securing home computers, or computers on small networks (referred to as small office/home office, or SOHO, throughout the book).
Essential Computer Security is well-organized; each chapter has a summary and list of resources where readers can go for additional information on the topic covered. Chapters include sections such as "tools and traps" that highlight important notes and copious figures include screenshots for quick and easy reference.

Essential Computer Security is written in a conversational style, suitable for both novice and experienced computer users. The authors also have a sense of humor. For example, in chapter 11, they describe how to boot a computer into safe mode so security software can remove some malware. Most anyone who had started a computer in Safe Mode will recognize this scenario:

"To boot your computer into Safe Mode, you should restart the system and press the F8 key repeatedly to bring up the boot menu. Technically, you should press F8 when the screen displays the 'Starting Windows ...' message, but that appears and disappears so quickly that it is hard to get the timing right" (174).

The book is organized into four parts, beginning with Part I: Basic Windows Security, and followed by More Essential Security in Part II. Part III continues with Testing and Maintenance, and Part IV details additional Security Resources in three appendixes.

Most of the book addresses how to secure computers running the Windows XP operating system, but it does include security for other operating systems. It is an unfortunate but inevitable fact for technology books that they are somewhat outdated as soon as they are published; Essential Computer Security was published in 2006; the latest Windows operating system, Vista, debuted in 2007. With significant changes in the operating system, it is likely that not all information would be useful for owners of computers running on Windows Vista.

Part one is divided into four chapters introducing basic computer security concepts. Chapter 1 covers basic Windows security. In addition to giving advice on how to set up and secure a computer running Windows XP (Home and Professional editions), it also provides background information to explain why the recommended measures should be followed. The instructions are easy to follow, with figures that illustrate the Windows menus and screens.

Chapter 2, "Passwords," is useful for anyone with a computer, regardless of operating system. It explains what strong passwords are, why they are essential to use, and how to construct them. It describes the various ways hackers attempt to crack passwords, and how to keep strong passwords secure.

Chapter 3 introduces malware, including viruses, worms, and Trojans, rootkits, bots, and zombies. After defining all the terms associated with malware, Bradley gives a brief history of malware. He discusses the importance of installing, properly configuring, and maintaining anti-virus software. He mentions several options consumers have to protect themselves from malware, but does not recommend any single product. He does include free as well as commercial products, and the resources list at the end of the chapter includes links to news stories about malware attacks.

The final chapter in Part I addresses patching. Bradley explains patching technology (such as the difference between a rollup and a service pack). He compares applying system patches to vaccinating your computer against future attacks. The chapter ends with instructions on using Windows System Restore to return a computer to a state prior to a particular patch.

The focus of Part II, More Essential Security, is on connecting to a network, namely the Internet. Five chapters cover perimeter security, email safety, web surfing privacy and safety, wireless network security, and spyware and adware. Most information in Part II applies to any computer operating system, but Internet Explorer is the Web browser covered most thoroughly.

Chapter 5 tells the reader how and why to install firewalls, and the various other methods to monitor and protect SOHO computer networks. Explanations are easy to understand, and the diagrams provide good visual explanations. There are different methods for protecting personal computers and the chapter concludes, "No matter what kind of system you have, you need some type of security to protect your data. That is what everyone is after, not your computer and not your mouse. It is better to overdo it, than not do it ..." (84).

Chapter 6 covers Web-based and POP-3 email, attachments, spam, phishing, and email filtering. After this chapter the reader should have a good understanding of why it is important to monitor the use of email, and how to prevent breaches through email attacks.

The next two chapters in Part II address the dangers of surfing the World Wide Web and measures to protect one's computer and the data stored on it. While these chapters do cover third-party software one can use, much emphasis is placed on security measures to employ with the Internet Explorer Web browser. From cookies to wireless security measures, these chapters tell the small office/home network administrator how to deter the would-be hacker or intruder from compromising the network or connected computers. Chapter 8 in particular is a must-read for anyone with a wireless home network. The recommendations can be implemented with little or no expense, and can prevent unwanted intrusions. It concludes with a discussion of ways to protect one's computer while using free wireless networks.

Chapter 9 defines adware and spyware, and clearly details ways to limit personal information shared with others. It outlines the differences between adware and spyware, and then tells how to get rid of those which are unwanted.

The importance of installing patches and updates to the operating system and applications is covered in Chapter 10, "Keeping Things Secure." The Windows XP Security Center is highlighted as a tool to check the security status of the computer. Keeping the system running smoothly complements security measures because computer inefficiency, or "bloat," is one sign the system has been compromised. Bradley explains the importance of conscientiously performing tasks seemingly unrelated to computer security, such as disk defragmenting. In the chapter conclusion, he reminds readers that "security is a process, not an event and it required ongoing awareness and maintenance to keep your computer secure" (164).

"When Disaster Strikes" addresses what to do if there is a suspected or confirmed security breach. The author explains how to check event logs in Windows XP, and how to configure event logs in Windows XP Professional (it is not available in the Home edition). The log discussion continues with how and why to check firewall logs, and where to find information on how to interpret the various logs, such as Web sites. It then explains why to backup data, how to use the Windows system restore when all else fails. Finally, Chapter 11 discusses when to call on professionals, and recommends this option particularly for small businesses because legal ramifications of loss of financial or other sensitive personal and business data.

Chapter 12 is the final chapter in Essential Computer Security, and computer users who are interested in alternatives to the Windows operating system. Interestingly, it does not address the Mac OS at all. It is not clear why there is no coverage of Macs. In terms of market share, Mac and Linux (and all other operating systems) have little influence, but the Mac OS has a greater share of the desktop computing market than Linux [1]. The book does give balanced coverage to the Linux operating system, and several options for common desktop environments (CDEs), window servers, window managers, and common productivity software such as email, Web browsers, and word processors. The topics covered are perhaps the most advanced, and likely the most unfamiliar, to most SOHO computer users.

Part Four, Security Resources, includes three valuable Appendixes. This section of the book can be considered advanced topics for further study. The first appendix provides additional information on networking and home computer security. Appendix B is a case study of a small office network, and it covers security decisions for the network. Appendix C is a glossary. All terminology introduced in the book is defined and explained here. It is a useful reference tool when putting the book's recommendations into practice. Finally, there the book is well indexed with cross references. The glossary and index together make is easy to understand terminology and locate where the topic is addressed.

For Windows XP users in small office or home office environments, this book lives up to its title.

Technology Electronic Reviews (TER) is an irregular electronic serial publication of the Library and Information Technology Association, a division of the American Library Association, 50 E. Huron St., Chicago, IL 60611. The primary function of TER is to provide reviews of and pointers to a variety of print and electronic resources about information technology. Resources include books, articles, serials, discussion lists, training materials, bibliographies, and other items of interest to librarians and information technology professionals. The topics covered may include, but are not limited to, networking technologies and standards; hardware and software; operating systems; databases; specific programming languages; management tools and utilities; technical project management; training and personnel issues; library perspectives; and research and development.

Opinions expressed in this publication are those of the writers and do not necessarily represent the viewpoints of LITA, ALA, or organizations involved in the storage and/or distribution of the publication.

TER is distributed electronically via Internet. There is no subscription fee.

LITA provides its members, other ALA divisions and members, and the library and information science field as a whole with a forum for discussion, an environment for learning, and a program for action on the design, development, and implementation of automated and technological systems in the library and information science field.